1. Method for encryption of information for a radio transmission
and for authentication of subscribers (S1, S2) in a communication system
(UNM), that

comprises an access network (ACN) having equipment (BS, BSC) for
the radio transmission as well as at least one core network (CON1,
CON2) having a respective equipment (AC, AC) for the subscriber
authentication,

allocates a radio channel (RCH) for the transmission of the
information via a radio interface (Al) from/to at least one base station
(BS) of the access network (ACN),
whereby

- public keys (PUK1-MT, PUK-BS) are mutually transmitted between a
mobile station (MT) and the base station (BS) via the radio interface (Al),

- the public key (PUK1-MT or, respectively, PUK-BS) received by the base
station (BS) or, respectively, mobile station (MT) is employed for encryption
of the information to be subsequently transmitted via the radio interface (Al),

- the encrypted information received by the mobile station (MT) or,
respectively, base station (BS) are deciphered on the basis of a private key
(PRK1-MT, PRK1-BS) that is allocated to the transmitted, public key
(PUK1-MT, PUK-BS) in the mobile station (MT) or, respectively, in the base
station (BS), and whereby

- a subscriber-specific means (SIN) of the mobile station (MT) implements
the authentication of the respective core network (CON1, CON2), and the
means (AC, AC) of the core network (CON1, CON2) implements the
authentication of the subscriber (S1, S2) on the basis of encrypted
information that have been mutually sent.

2. Method according to claim 1, whereby

- a first public key (PUK1-MT) is first sent from the mobile station (MT) to
the base station (BS), which employs it for the encryption of the information
to be sent to the mobile station (MT);

- a public key (PUK-BS) is sent from the base station (BS) to the mobile
station (MT), which employs it for the encryption of the information to be sent
to the base station (BS); and, subsequently,

- the mobile station (MT) sends a second public key (PUK2-MT) to the base
station (BS).

3. Method according to claim 2, whereby the second public key
(PUK2-MT) replaces the first key (PUK1-MT) sent to the base station (BS).

4. Method according to claim 1, whereby

- the base station (BS) first sends a first public key (PUK1-BS) to the mobile
station (MT) that employs it for encryption of the information to be sent to the
base station (BS);

- the mobile station (MT) sends a public key (PUK-MT) to the base station
(BS) that employs it for the encryption of the information to be sent to the
mobile station (MT); and, subsequently,

- the base station (BS) sends a second public key (PUK2-BS) to the mobile
station (MT).



5. Method according to claim 4, whereby the second public key
(PUK2-BS) replaces the first key (PUK1-BS) sent to the base station (BS).

6. Method according to one of the preceding claims, whereby

- the mobile station (MT) sends a subscriber identity (SID) of the subscriber
(S1, S2) and an authentication request (aureq-mt) to the core network
(CON1, CON2) in encrypted form, and the means (AC, AC) of the core
network (CON1, CON2) returns an authentication reply (aures-co) in
encrypted form;

- the mobile station (MT) implements an authentication procedure for
checking the identity of the core network (CON1, CON2).

7. Method according to claim 6, whereby

- the means (AC, AC) of the core network (CON1, CON2) sends an
authentication request (aureq-co) in addition to the authentication reply
(aures-co) in encrypted form, and the mobile station (MT) returns an
authentication reply (aures-mt) to the means (AC) in encrypted form;

- the means (AC, AC) implements an authentication procedure for checking
the subscriber identity (SID).

8. Method according to one of the preceding claims, whereby
secret keys (ki) are employed for the authentication procedure.

9. Method according to one of the preceding claims, whereby the
access network (ACN) services at least two core networks (CON1, CON2)
in parallel and one or more subscribers (S1, S2) that can use the mobile
station (MT) in parallel are registered and authenticated in different core
networks (CON1, CON2).

10. Method according to one of the claims 1 through 8, whereby
the access network (ACN) services a core network (CON) in which a plurality
of subscribers (S1, S2) that can use the mobile station (MT) in parallel are
registered and authenticated.

11. Method according to one of the preceding claims, whereby the
access network (ACN) and the core network or networks (CON1, CON2) are
administered by different network operators.

12. Communication system for encryption of information for a radio
transmission and for authentication of subscribers (S1, S2), comprising

an access network (ACN) having equipment (BS, BSC) for the radio
transmission as well as at least one core network (CON1, CON2)
having a respective means (AC, AC) for the subscriber
authentication,

a radio channel (RCH) for transmission of the information via a radio
interface (Al) from/to at least one base station (BS) of the access
network (ACN),
and comprising

- memory devices (MSP, BSP) in a mobile station (MT) and in the base
station (BS) for storing public keys (PUK1-MT, PUK-BS) and private keys
(PRK1-BS, PRK1-BS [sic]) that are allocated to the public keys (PUK1-MT,
PUK-BS),

- transmission devices (MSE, BSE) in the mobile station (MT) and in the
base station (BS) for mutually sending the public keys (PUK1-MT, PUK1-BS)
via the radio interface (Al),

- control devices (MST, BST) in the mobile station (MT) and in the base
station (BS) for encryption of the information to be subsequently sent via the
radio interface (Al) upon employment of the public keys (PUK1-MT or,
respectively, PUK-BS) received by the base station (BS) or, respectively,
mobile station (MT) and for deciphering the received, encrypted information
on the basis of the stored, appertaining private key (PRK1-MT, PRK1-BS),
and comprising

- a subscriber-specific means (SIN) in the mobile station (MT) and a means
(AC, AC) in the respective core network (CON1, CON2) for the
implementation of the authentication of the core network (CON1, CON2) as
well as for the authentication of the subscribers (S1, S2) on the basis of
mutually transmitted, encrypted information.

13. Communication system according to claim 12, comprising an
access network (ACN) to which at least two core networks (CON1, CON2)
are connected in parallel for the registration and authentication of one or
more subscribers (S1, S2) that can use the mobile station (MT) in parallel in
different core networks (CON1, CON2).

14. Communication system according to claim 12, comprising an
access network (ACN) to which a core network (CON1) is connected for the
registration and authentication of a plurality of subscribers (S1, S2) that can
use the mobile station (MT) in parallel.

15. Communication system according to one of the preceding
claims, comprising an access network (ACN) and one or more core networks
(CON1, CON2) that exhibit different network operators.
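
The message flow of claims 1 and 6 through 8, as an added Python sketch that is not part of the patent text: public keys are exchanged, then the SID, aureq-mt, aures-co, aureq-co and aures-mt messages travel encrypted and are checked with the secret key ki. Assumptions: toy textbook RSA over fixed primes stands in for the unspecified public-key scheme, truncated HMAC-SHA256 stands in for the unspecified authentication procedure, and all function names and sample values are hypothetical.

```python
import hashlib, hmac, secrets

def keypair(p, q, e=65537):
    """Toy textbook RSA from two fixed primes (no padding; illustration only)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def enc(pub, msg: bytes) -> int:
    return pow(int.from_bytes(msg, "big"), pub[1], pub[0])

def dec(prv, ct: int, size: int) -> bytes:
    return pow(ct, prv[1], prv[0]).to_bytes(size, "big")

def response(ki: bytes, challenge: bytes) -> bytes:
    """Assumed authentication function: HMAC-SHA256 of the challenge, cut to 16 bytes."""
    return hmac.new(ki, challenge, hashlib.sha256).digest()[:16]

def run(ki_sim: bytes, ki_ac: bytes):
    """Return (core network accepted by MT, subscriber accepted by AC)."""
    # Claim 1: public keys are mutually transmitted over the radio interface.
    puk_mt, prk_mt = keypair(2**127 - 1, 2**61 - 1)   # mobile station (MT)
    puk_bs, prk_bs = keypair(2**107 - 1, 2**89 - 1)   # base station (BS)
    # Claim 6: MT sends SID and aureq-mt, encrypted with PUK-BS.
    sid, aureq_mt = b"SID-0001", secrets.token_bytes(16)  # constructed values
    uplink = [enc(puk_bs, sid), enc(puk_bs, aureq_mt)]
    # BS deciphers with its private key; the AC looks up ki for the received SID.
    sid_rx, chal_mt = dec(prk_bs, uplink[0], len(sid)), dec(prk_bs, uplink[1], 16)
    ki = {sid: ki_ac}[sid_rx]
    # Claims 6 and 7: aures-co and aureq-co return encrypted with PUK1-MT.
    aureq_co = secrets.token_bytes(16)
    downlink = [enc(puk_mt, response(ki, chal_mt)), enc(puk_mt, aureq_co)]
    aures_co, chal_co = (dec(prk_mt, c, 16) for c in downlink)
    # The subscriber-specific means checks the core network's reply first.
    net_ok = hmac.compare_digest(aures_co, response(ki_sim, aureq_mt))
    if not net_ok:
        return False, False   # MT answers no challenge from an unverified network
    # Claim 7: MT returns aures-mt encrypted with PUK-BS; the AC checks it.
    aures_mt = dec(prk_bs, enc(puk_bs, response(ki_sim, chal_co)), 16)
    sub_ok = hmac.compare_digest(aures_mt, response(ki, aureq_co))
    return net_ok, sub_ok
```

Both checks succeed only when the subscriber side and the core network hold the same ki; with differing keys the mobile station rejects the network before it reveals any reply of its own.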



